3) Vulnerabilities were exposed in password manager LastPass and virtualization platform VMware. Patches only exist for the latter.

4) Exploit code for a zero-day vulnerability in (now-unsupported) Microsoft IIS 6.0 was published, putting large numbers of websites at risk.

5) The creator of a legitimate remote administrator tool (RAT), which was used by hackers in several intrusions, is under arrest - and researchers fear his prosecution will have a chilling effect on research.